Snr Assoc, Application Security Engineer, Information Security Services, Group Technology

Business Function Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Tech, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Job Purpose The Application Security Engineer plays an instrumental role in ensuring the security of applications developed within the bank. The individual will contribute to strengthening the secure Software Development Life Cycle (SDLC) and fostering a security-aware development culture through the usage of Application Security tools, advisory and training. Responsibilities Provide advisory on application security tools and processes, including SAST, DAST and secure coding guidelines. Participate and execute vulnerability analysis and root cause investigations for identified security findings. Collaborate with development teams to ensure the timely and effective remediation of security vulnerabilities. Contribute to the training and education of developers on secure coding practices and application security best practices. Stay up-to-date with the latest security trends, technologies, and industry developments to recommend and implement innovative solutions. Requirements Bachelor's or master's degree in computer science, Information Technology, or a related field. Minimum 5 years of experience in a cybersecurity engineering, information security, or software development role, with a strong focus on secure software development practices, preferably in the financial services industry. Practical experience in working with SAST and DAST tools and integrating them with CI/CD pipelines. Practical development experience with Python and one or more languages such as Java and/or JavaScript/TypeScript. Strong understanding of cybersecurity principles, frameworks, and best practices, such as NIST and OWASP Top 10. Experience applying DevSecOps principles including CI/CD, configuration, and infrastructure (Unix/Linux) as code, and auto-remediation. Excellent problem-solving, analytical, and critical thinking skills to identify and address complex security challenges. Ability to work collaboratively with cross-functional teams and communicate technical information to both technical and non-technical stakeholders. Core Competencies Able to work with technology experts at all levels of the hierarchy with credibility. Self-starter: Takes initiative, understands the broader picture, is open to new ideas, and prepared to innovate. Strong desire to learn and adapt to new technologies, especially in the rapidly evolving fields of AI/ML and cybersecurity. Dependable: Demonstrated commitment to completing tasks from initiation through to completion. Location: DBS Asia Hub Job: Technology Schedule: Regular Employee Status: Full time